NEW DELHI: Vodafone India is actively working on security analytics to prevent cyber threats, according to Amit Pradhan, the second largest telco's CTSO, Chief Privacy Officer and SVP - Technology Security. In an exclusive interview with ET’s Danish Khan, Pradhan talks about Vodafone’s strategy to counter cyber-attacks, cloud adoption among telcos and new telecom technologies. Edited excerpts.

What is keeping you busy these days?

Data privacy overall in India is increasing. And, our focus on privacy has increased as well. Another area is cyber defense. We rolled out a cyber defense framework last year. Now, we are operationalizing it.

We have cyber intelligence, which basically, keeps a track of cyber-attacks happening outside, and dig out all the information and try and identify the technology components and modus operandi of the attack. Our cyber discovery team, which looks at Vodafone infrastructure, then does mitigation and patching. We get this intelligence feed from around 15-220 sources, including government sources, OEMs, our own cyber analytics and paid research.

The challenge is how early we assimilate the security intelligence feed, and how do we found what is relevant to us, and then how fast are we able to take measures.

How do you ensure data breaches don't take place?

The biggest problem for organisations into identifying what data they need to protect, and where it lies. Information is a liability which needs to be protected. We have systematically identified the right technologies to protect. We are using encryption in terms of access control, privilege access monitoring, change of data sets, information right management tools -- all these technologies we have used on technology landscape front to protect this data.

We have challenged them to tweak the processes to have a minimal exposure to the customer data. Thirdly, we have relooked our access management procedures across the organization. It helps us in disabling ids when users leave. Most of the incidents happen with ids which are still active after the user leaves. All companies, especially outsourced company, is suffering. We have developed tools and processes to take care of access control for outside vendors.

Last thing is people. They need to be sensitised. We have now rolled out what is called absolute privacy rules - APR. There are 5 APRs, which is the foundation stone for the privacy framework that we have rolled out.

Is there a skill set related problem when it comes to countering cyber attacks in India’s telecom sector?

It stands true for all industries. In any industry, there are products from different partners, products which don't talk to each other, then products that require third party to talk to each other. All of those are producing data in the form of logs. The challenge is how do you take this data and form a picture of what is happening and take a decision.

How challenging has it become to combat cyber-attacks? How is Vodafone addressing this challenge?

We work on a five-point philosophy for our security. First is security basics - we need to have very strong security basics in place, which essentially are hygiene level, firewall, and antivirus. All the IT security equipment need to be in place and need to operate at the desired level, which we have set.Second is the customer differentiating experience. Whatever we do is it resulting in differentiating experience for customers.

Third is becoming future focused. It is about becoming ready to adopt newer technologies, which essentially means we have a check whether we are not going to end of life products, legacy systems.

Fourth is being cost conscious, and cost-effective. And, last is how do assure our key stakeholders in terms of privacy risk and compliance. Every project that comes, goes to all these five checks.

What are your thoughts about cloud adoption by telecom operators?

I would want cloud adoption to pick up by telcos. But due to the regulatory requirements, cloud adoption is not easy. Today, telcos need to have everything on premises, because of regulatory requirements and data sovereignty, remote access, maintenance and audit, and operation assurance, which basically creates a restriction in the adoption of cloud, which in turns restricts telcos from becoming more agile and flexible. There need to be some changes in regulations.

Any new project that you are working on around security?

We are working very actively on security analytics. We know what happens in terms of security threats, risks, and deflections et al. So we know what happens. But we are now trying to find why it happens? Is there a reason for when it happens. We also have some idea on how it happens, but we want to analyse more in terms of parameters which causes it to happen. The study is more on the pattern, trending, and analyzing the root cause. This is being done from a detective to a pro-active or preventive mode.

What are your thoughts on Machine Learning and AI technologies?

The machine learning and AI technologies are already in place in some of the areas. The common technology is the chatbot, being used globally. Second is the search engine with cognitive computing behind it.

Which are the trends in the telecom industry?

All telcos have now realised while their primary service is voice and data, they can't only rely on being a carrier for consumers. They have to start creating content. This is industry is definitely moving towards content creation and content delivery. It starts with delivery first, and then would go to creation.With this, are liabilities have not only increased from the regulator standpoint but also int terms of protecting the content, which will result into being an intellectual property. I am expecting that IPR related issues might come up in future, where we might have issues with copyrights and trademarks and IP conflicts.

Any new technology telcos are adopting?

There are a lot of technologies being adopted in the operations space by telcos. Even Vodafone is using SON, which is now picking up rapidly. This technology has the ability to optimise the delivery.

Second is customer experience. There are multiple projects around customer experience, and while the trend today is set for the digital telco. A lot of these initiatives are in digital space.